General

  • Target

    81498b31ec61a1dd982aa6b8110a7513

  • Size

    376KB

  • Sample

    240130-a5v58seca8

  • MD5

    81498b31ec61a1dd982aa6b8110a7513

  • SHA1

    bc1494afcc6b207bd2c53dea7bafa01edaf9074b

  • SHA256

    6a5b8ecfa8e36f0d7a4153c716045c94d443bccaa2946632578a073350a14345

  • SHA512

    721a739756c9f9dbd23c318004bad11ba3ab7b9496e0622b6666f39f257cbdbfd11d93c281e56ae34b4cb56cabef2308f498e929fe3d7b372f70cea2ad65ad45

  • SSDEEP

    1536:9zUnLApmGtK8L9zL8L76c5HgzzUwyCmGYAASa:9jL9zLA68g3pT

Malware Config

Extracted

Family

xtremerat

C2

mrjoo.no-ip.info
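
The identifiers in the General section and the extracted C2 above are the two things a responder acts on. The following Python helper is an added example, not part of the sandbox report: it verifies a suspect file against the four hashes listed on this page and scans DNS query logs for the extracted C2 hostname. REPORT_HASHES and C2_HOST are copied from the report; the DNS log lines and their whitespace-separated format are constructed for the example.

```python
import hashlib

# Digests copied from the report's General section. The sample itself is not
# embedded here; any bytes you feed in are compared against these values.
REPORT_HASHES = {
    "md5": "81498b31ec61a1dd982aa6b8110a7513",
    "sha1": "bc1494afcc6b207bd2c53dea7bafa01edaf9074b",
    "sha256": "6a5b8ecfa8e36f0d7a4153c716045c94d443bccaa2946632578a073350a14345",
    "sha512": "721a739756c9f9dbd23c318004bad11ba3ab7b9496e0622b6666f39f257cbdbfd11d93c281e56ae34b4cb56cabef2308f498e929fe3d7b372f70cea2ad65ad45",
}

# Extracted C2 from the report's Malware Config section.
C2_HOST = "mrjoo.no-ip.info"


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees. A single mismatch means a different
    file (or a damaged copy); one matching digest is not sufficient on its own."""
    return file_hashes(data) == REPORT_HASHES


def _normalize(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot in logs.
    return name.rstrip(".").lower()


def is_c2_query(qname: str) -> bool:
    """Match the C2 host exactly or any label beneath it (sub.mrjoo.no-ip.info),
    but not sibling hosts under the no-ip.info dynamic DNS zone."""
    q, c2 = _normalize(qname), _normalize(C2_HOST)
    return q == c2 or q.endswith("." + c2)


def c2_hits(log_lines) -> list:
    """Scan constructed DNS query log lines of the form
    'timestamp client qname qtype' and return (timestamp, client, qname) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, qname, _qtype = parts[:4]
        if is_c2_query(qname):
            hits.append((ts, client, qname))
    return hits


# Constructed sample log, not real telemetry.
SAMPLE_DNS_LOG = [
    "2024-01-30T00:01:02Z 10.0.0.12 www.example.com A",
    "2024-01-30T00:01:05Z 10.0.0.12 mrjoo.no-ip.info A",
    "2024-01-30T00:01:09Z 10.0.0.33 MRJOO.NO-IP.INFO. A",
    "2024-01-30T00:02:00Z 10.0.0.33 other.no-ip.info A",
]

if __name__ == "__main__":
    print(matches_report(b"not the sample"))   # False: constructed bytes, not the report's file
    for ts, client, qname in c2_hits(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried C2 host {qname}")
```

Two caveats when using this: the hashes identify this exact artifact, so a rebuilt or repacked XtremeRAT binary will not match them (the ssdeep value on the page is the fuzzy hash meant for that case and needs the ssdeep library rather than hashlib); and the C2 is a no-ip.info dynamic DNS host, so alert on the hostname rather than on whatever IP it resolves to today, and do not block the whole no-ip.info zone unless policy already permits that.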

Targets

    • Target

      81498b31ec61a1dd982aa6b8110a7513

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

      SetThreadContext called on a thread of another process typically indicates process hollowing (RunPE) injection: the unpacked payload is written into a suspended host process and the thread's instruction pointer is redirected to it, which is why it pairs here with the UPX packer detection.
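
The "UPX packed file" signature above is a packer check. The following is an added example, not code from the sandbox or from the UPX project: a minimal PE section-table parser that flags the UPX0/UPX1 section names stock UPX emits and the "UPX!" magic stock UPX leaves in the file. The build_pe() fixture constructs a header-only PE for testing; it is not the sample from this report, and its section layout values are arbitrary.

```python
import struct

# Section names written by stock UPX builds for PE targets.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    the section names. Raises ValueError on malformed input rather than guessing,
    because truncated or corrupted headers are common in samples."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header
    names = []
    for i in range(number_of_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]  # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two cheap UPX indicators separately so an analyst can see
    which one fired; a modified UPX build may strip either."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_pe(section_names) -> bytes:
    """Constructed test fixture: a header-only PE32 image with the given section
    names. Not executable and not derived from the report's sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)  # 64-byte DOS header
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    opt[0:2] = struct.pack("<H", 0x10B)  # PE32 magic
    sections = b""
    for i, name in enumerate(section_names):
        raw_name = name.encode("ascii")[:8].ljust(8, b"\x00")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics (values arbitrary for the fixture)
        sections += raw_name + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020
        )
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_pe([".text", ".data", ".rsrc"])
    print(upx_indicators(packed), is_upx_packed(packed))
    print(upx_indicators(plain), is_upx_packed(plain))
```

Both indicators are trivially removable: modified UPX builds rename the sections and patch out the magic, which is exactly why the sandbox signature says "UPX/modified UPX" and why a negative result here is not evidence that a file is unpacked. A section whose raw size is far smaller than its virtual size, or high entropy in the last section, are the follow-up checks when the names have been scrubbed.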

MITRE ATT&CK Enterprise v15

Tasks